Abstract

Cross-site scripting (XSS) attacks have been extensively studied in the literature, although mitigating such attacks remain a challenge for cyber defenders. In this paper, we survey the existing literature on XSS attacks, focusing on the range of attacks and potential mitigation strategies. Specifically, we review the various XSS attacks from the lens of an attacker. We use a workflow diagram to define the topological relationship among XSS attacks, and to highlight key system weaknesses (e.g., chokepoints). We also present a Hybrid XSS attack (HYXSSA), designed to facilitate the identification of existing and future potential attack vectors in different modalities presented as frameworks (fi). For quantification and visualization of these frameworks, the software application as a rotate view tool is developed. Moreover, we demonstrate how these derived frameworks can be implemented, and provide a guideline to defend against XSS attacks. The implementation results for the given two attack vector shows the feasibility of mapping of attack vectors to actual mathematical vectors. Finally, we present potential challenges and opportunities associated with XSS attacks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.